Welcome to WebmasterWorld Guest from 54.158.166.6

Forum Moderators: phranque

Message Too Old, No Replies

DNS servers make light work for hackers

   
5:10 pm on Mar 24, 2006 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



In a twist on distributed denial-of-service attacks, cybercriminals are using DNS servers--the phonebooks of the Internet--to amplify their assaults and disrupt online business.

Earlier this year, VeriSign experienced attacks on its systems that were larger than anything it had ever seen before, it said last week. The Mountain View, Calif.-based company, which helps companies do business on the Web, discovered that the assaults weren't coming from commandeered "bot" computers, as is common. Instead, its machines were under attack by DNS (domain name system) servers.


cybercriminals are using DNS servers [news.com.com]
5:24 pm on Mar 24, 2006 (gmt 0)

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Related...

DNS Recursion - Open DNS Servers
[webmasterworld.com...]

11:16 pm on Mar 24, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My dedicated hosting provider wrote to say "don't worry about it" after I alerted them to the "open" state of their DNS.

I wrote back saying, "I'm not worried about it, personally, but maybe your engineers should take a look at.." the article engine linked to.

It's not too much of a problem for the individuals served by the DNS unless (a) the cache is poisoned against their IP, (b) the DNS becomes too busy redirecting bogus requests to serve normally or (c) the DNS gets blacklisted as a result of being abused.

In any of those scenarios, it's a pretty big problem for the individuals.

3:14 am on Mar 25, 2006 (gmt 0)

10+ Year Member



My dedicated hosting provider wrote to say "don't worry about it" after I alerted them to the "open" state of their DNS.

No offense, but you should get a better dedicated hosting provider. There are many out there.

9:40 pm on Mar 26, 2006 (gmt 0)

10+ Year Member



Here is a mini checklist to help out:

If you are disabling recursion on all your dns servers,

1. You need a dns server to do lookups for all your mail servers, this will include webservers that send email. Best source is your ISP. Failing that you will have to configure an internal one that does lookups but only for your own network of machines. This will use up 1 or 2 more spots in your rack and that is the biggest reason to use your ISP's.

2. When you convert all your machines over, if you have any multihomed (2 network adapters) servers make sure that either both of them have the new dns or only 1 of them has the new dns. There are instances where the OS can pickup the wrong dns if it thinks your second adapter is the primary. An easy way to test is to open a cmd prompt and run nslookup. If you see the wrong dns server then this is the case.

3. Just because you changed the dns on the network properties doesn't mean your applications will inherit the setting. For example, mail servers such as Merak & Mail enable have a setting within the application that tells them which DNS servers to use. Your dns servers that you have disabled recursion on will only resolve your own authoratative domains, you must use recursive ones to get anywhere else.

12:56 am on Mar 27, 2006 (gmt 0)

WebmasterWorld Senior Member pageoneresults is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Well, this appears to be the new trend. Now that this is public, I would imagine all the kids are out playing right now...

2006/03/26 - Domain Registrar Joker Hit by DDoS
[news.netcraft.com...]

Joker.com currently experiences massive distributed denial of service attacks against nameservers," the registrar says in an advisory on its home page. "This affects DNS resolution of Joker.com itself, and also domains which make use of Joker.com nameservers. We are very sorry for this issue, but we are working hard for a permanent solution."

More than 550,000 domains are registered with Joker, which is based in Germany. Any of those domains that use Joker's DNS servers are likely to be affected.